Re: pkg_admin audit shows vulns for openssl-1.0.2i

[Benny Siegert <bsiegert%gmail.com@localhost>]

I fixed this the other day. I suspect the script which uploads the file to FTP has not run yet.

Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost> schrieb am Mo., 26. Sep. 2016, 17:46:

Hi,

the command sequence

    pkg_admin fetch-pkg-vulnerabilities
    pkg_admin audit

still shows these vulnerabilities for the recently updated
openssl-1.0.2i:

    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177
    Package openssl-1.0.2i has a side-channel vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2178
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2180
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2179
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2181
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2182
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6302
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6303

Weren't these vulns supposed to be fixed in 1.0.2i? Perhaps the vuln db
needs updating?

Regards
Matthias